TECHNOLOGY

How Secure Is Julian Assange's "Thermonuclear" Insurance File?

Could Wikileaks's most damaging files be hacked too early?

1/2

By Dan Nosowitz

December 7, 2010

Once your leader has been compared to a Bond villain, you might as well go all the way, right? A few months back, Wikileaks released a giant file that's been referred to as the "thermonuclear" option, should the organization's existence be threatened: A huge compendium of some of the most damaging secrets Wikileaks has collected, protected with an intense brand of secure encryption–for use as insurance. With Assange now in police custody on sex crimes charges, the "poison pill" is on everyone's mind.

The pill in question is a 1.4GB file, circulated by BitTorrent. It's been downloaded tens of thousands of times, no mean feat for what, at the moment, is a giant file with absolutely no use whatsoever. It's waiting on the hard drives of curious Torrenters, Wikileaks supporters, and (you can bet) government agents worldwide, awaiting the password that'll open the file to all. Although no one is sure of its contents, the file is speculated to contain the full, un-redacted documents collected by the organization to date (including, some are guessing, new documents on Guantanamo Bay or regarding the financial crisis). It has yet to be cracked, at least not publicly, though there is a hefty amount of activity from those trying, at least a little, to break into it before Assange releases the key.

What makes this so pressing is Assange's recent arrest in London, on, to say the least, somewhat controversial sex crimes charges in Sweden. There's been speculation that this could be the lead-up to more severe prosecutioncertain American politicians have called for prosecuting Assange for "treason," apparently not realizing or caring that Assange is an Australian nationaland could in turn lead to his releasing of the password for these documents.

The file is titled "insurance.aes256," implying that it's protected with an AES 256-bit key, one of the strongest in the world. The thing is, there's no actual way to figure out the type of encryption used. Though there's no particular reason for Assange to lie about the security he used, it's something to keep in mind. Let's assume for the moment that it is indeed an AES-256 encryption, which begs the question: What is AES?

Advanced Encryption Standard

Advanced Encryption Standard, or AES, is a cipher standard which came into wide use in 2001. AES is a block cipher rather than a stream cipher, meaning "blocks" of data are converted into encrypted gibberish, 128 bits at a time. It's perhaps the most-used block cipher in the world, used by, for example, the Wi-Fi protection known as WPA2. But it came to prominence in 2001 as a result of winning a contest held by the National Institute of Standards and Technology to find a new standard encryption. That led to its adoption by the NSA. That's right, Assange's "poison pill" is secured by the U.S. government's own standard.

Though AES is an open and public cipher, it's the first to be approved by the NSA for "Top Secret" information, the term used for the most dangerous classified information. It is, in short, a tremendously badass form of protection.

An AES encryption doesn't work like, say, a login. The keys are just strings of binary (in the case of AES-256, 256 binary symbols) rather than words or characters, and entering the wrong key won't simply disallow access–it'll produce elaborately encoded gibberish.

https://www.popsci.com/technology/article/2010-12/how-secure-julian-assanges-thermonuclear-insurance-file/

2/2

There are three variants of AES, which differ in the size of their keys (128, 192, or 256 bits), though they all use the same 128-bit block size. The size of the key has other implications within the algorithm itself (and slightly increases the encoding time), but mostly, it increases the amount of time needed to break it with what's called a "brute force attack" (more on that in a bit). The three variants also carry different numbers of "rounds" protecting their keys. Each round is sort of like a layer of further obscurity, making the original data all the more disguised. AES-128 has ten rounds, AES-192 has twelve, and AES-256 has fourteen.

Those rounds make it effectively impossible to compare the ciphered data with its key and divine any sort of pattern, since the data has been so thoroughly mangled by, in this case, 14 rounds of highly sophisticated manipulation that it's unrecognizable. The rounds make an already secure algorithm that much more secure.

Possible Attacks

There are a few different ways of cracking a code like this. Many rely on some other information besides the code given. Side-channel attacks, for example, require an observation of the actual decoding: This might include data like the timing of deciphering, the power it takes to run the computer doing the deciphering, or even the noise a computer makes while deciphering. There are measures you can take to spoof this kind of thing, but even if Assange hasn't, side-channel attacks won't work in this case.

Another kind of attack, the one that's come closest, is the related-key attack. This method requires multiple keys, somehow related, working on the same cipher. Cryptographers have actually had some very limited success with related-key attacks, managing to greatly reduce the amount of possible correct passwords–but there are huge caveats to that. Related-key attacks require an advanced knowledge of the cipher and key that cryptographers never really have in the real world, like, say, a ciphered text and a deciphered text. Most modern key generation tools, like TrueCrypt and WPA2, have built-in protections against related-key attacks. And, worst of all, that success, which broke a 256-bit code, required a handicap: an altered encryption with less rounds. A related-key attack won't work on Assange's jacket-full-of-dynamite.

T

The time it takes to crack a code is thought of in terms of how many possible correct passwords there could be. If you're looking at a 256-bit password with no knowledge of anything, trying to just enter every conceivable combination of 0s and 1s, you'd have a "time" of 2256. Nobody measures the time it would take to crack one of these codes in hours, months, years, or centuries–it's too big for all of that, so they just use combinations. Trying to crack all of those combinations manually is called, aptly, a brute force attack, and in a 256-bit instance like this one, it'd take, roughly, a bajillion years to succeed (that being the scientific estimation). Even with all the supercomputers in the world working in concert, with a flawless algorithm for trying the different combinations, it would take hundreds of thousands of years. Your average dude with an Alienware? Forget about it.

In the case of the successfully cracked 256-bit code above, the cryptographers only managed to narrow it down to 270 possibilities–and they only got through the 11th round. Besides, 270 combinations is, in real world terms, not really much closer to cracked than 2256. It's still dramatically unfeasible.

The best possible method of cracking the code might be the simplest: Beat it out of him. This is, I swear to God, a real technique, called rubber-hose cryptanalysis. Assange is already in custody–the most efficient way to get his password is, by far, torture. It's also authentic in that it's the only type of cracking you'd actually see in a Bond movie. Sure as hell better than waiting several million years for a brute-force attack, right?

Conspiracies Are Afoot!That brings us to the conspiracy theory section, perhaps the most fun section of all. Encryption, especially the corners of the Internet in which it is feverishly discussed on near-incomprehensible message boards, is a topic that naturally invites conspiracy theories. One of the most interesting, regarding AES, is the "secret door" theory, speculating that one of the reasons the U.S. government selected the AES algorithm over several other worthy algorithms is that the government has the ability to crack it. In that case, the government has already cracked Assange's poison pill and knows exactly what it is–and regardless of what it is, it's almost certainly in the government's best interest to keep it quiet.It's a great conspiracy theory because it makes sense in terms of motivation, and it's something that would be impossible to prove decisively either way. In this case, however, it seems unlikely. The government's cryptographers are phenomenally talented, but they aren't necessarily more talented than those outside the government who for whatever reason have been working on cracking AES since its creation. The secret door isn't impossible, but it's extremely doubtful.

https://www.popsci.com/technology/article/2010-12/how-secure-julian-assanges-thermonuclear-insurance-file/

WikiLeaks Posts Mysterious 'Insurance' File 07.30.2010 03:09 PM

In the wake of strong U.S. government statements condemning WikiLeaks’ recent publishing of 77,000 Afghan War documents, the secret-spilling site has posted a mysterious encrypted file labeled “insurance.” The huge file, posted on the Afghan War page at the WikiLeaks site, is 1.4 GB and is encrypted with AES256. The file’s size dwarfs the size […]

In the wake of strong U.S. government statements condemning WikiLeaks' recent publishing of 77,000 Afghan War documents, the secret-spilling site has posted a mysterious encrypted file labeled "insurance."

The huge file, posted on the Afghan War page at the WikiLeaks site, is 1.4 GB and is encrypted with AES256. The file's size dwarfs the size of all the other files on the page combined. The file has also been posted on a torrent download site.

WikiLeaks, on Sunday, posted several files containing the 77,000 Afghan war documents in a single "dump" file and in several other files containing versions of the documents in various searchable formats.

Cryptome, a separate secret-spilling site, has speculated that the new file added days later may have been posted as insurance in case something happens to the WikiLeaks website or to the organization's founder, Julian Assange. In either scenario, WikiLeaks volunteers, under a prearranged agreement with Assange, could send out a password or passphrase to allow anyone who has downloaded the file to open it.

It's not known what the file contains but it could include the balance of data that U.S. Army intelligence analyst Bradley Manning claimed to have leaked to Assange before he was arrested in May.

In chats with former hacker Adrian Lamo, Manning disclosed that he had provided Assange with a different war log cache than the one that WikiLeaks already published. This one was said to contain 500,000 events from the Iraq War between 2004 and 2009. WikiLeaks has never commented on whether it received that cache.

Additionally, Manning said he sent Assange video showing a deadly 2009 U.S. firefight near the Garani village in Afghanistan that local authorities say killed 100 civilians, most of them children, as well as 260,000 U.S. State Department cables.

https://www.wired.com/2010/07/wikileaks-insurance-file/

>>12396319

Bakes

This article is from 2010, was hoping it would prompt someone,. the File is only 1.4 gig not the 89gig released in 2017

I'm trying to recall an article in 2008 / 2009 when he said something odd that stuck out, and I thought "oh that must be a key to something'

>>12396235 (You) , >>12396247 (You) , >>12396250 (You) How Secure Is Julian Assange's "Thermonuclear" Insurance File? (odd timing considering the Kappy key drop)

>>12396312

Julian Assange has changed everything. He is the canary in the mine that has been releasing solid information for decades.

When he released the CIA Hacking tools all hell broke loose and shit got shut down world wide.

Ever read about ICE Patrol ?

Have fun.

https://wikileaks.org/-Leaks-.html

>>12396390

everyone can see

they are sick and disgusting